CVE-2022-49430

{"id": "CVE-2022-49430", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:19.480", "references": [{"url": "https://git.kernel.org/stable/c/4160e09619086fc155b51ccdb3462a3f233a5f4b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8b1ae300c2953257c146b5f0757537935c0b6027", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/96c460687813915dedca9dd7d04ae0e90607fd79", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cee409bbba0d1bd3fb73064fb480ff365f453b5d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - cancel delayed work only in case of GPIO\n\ngpio_keys module can either accept gpios or interrupts. The module\ninitializes delayed work in case of gpios only and is only used if\ndebounce timer is not used, so make sure cancel_delayed_work_sync()\nis called only when its gpio-backed and debounce_use_hrtimer is false.\n\nThis fixes the issue seen below when the gpio_keys module is unloaded and\nan interrupt pin is used instead of GPIO:\n\n[ 360.297569] ------------[ cut here ]------------\n[ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470\n[ 360.310531] Modules linked in: gpio_keys(-)\n[ 360.314797] CPU: 0 PID: 237 Comm: rmmod Not tainted 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166\n[ 360.324662] Hardware name: Renesas SMARC EVK based on r9a07g054l2 (DT)\n[ 360.331270] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 360.338318] pc : __flush_work+0x414/0x470\n[ 360.342385] lr : __cancel_work_timer+0x140/0x1b0\n[ 360.347065] sp : ffff80000a7fba00\n[ 360.350423] x29: ffff80000a7fba00 x28: ffff000012b9c5c0 x27: 0000000000000000\n[ 360.357664] x26: ffff80000a7fbb80 x25: ffff80000954d0a8 x24: 0000000000000001\n[ 360.364904] x23: ffff800009757000 x22: 0000000000000000 x21: ffff80000919b000\n[ 360.372143] x20: ffff00000f5974e0 x19: ffff00000f5974e0 x18: ffff8000097fcf48\n[ 360.379382] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000053f40\n[ 360.386622] x14: ffff800009850e88 x13: 0000000000000002 x12: 000000000000a60c\n[ 360.393861] x11: 000000000000a610 x10: 0000000000000000 x9 : 0000000000000008\n[ 360.401100] x8 : 0101010101010101 x7 : 00000000a473c394 x6 : 0080808080808080\n[ 360.408339] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80000919b458\n[ 360.415578] x2 : ffff8000097577f0 x1 : 0000000000000001 x0 : 0000000000000000\n[ 360.422818] Call trace:\n[ 360.425299] __flush_work+0x414/0x470\n[ 360.429012] __cancel_work_timer+0x140/0x1b0\n[ 360.433340] cancel_delayed_work_sync+0x10/0x18\n[ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys]\n[ 360.443327] devm_action_release+0x10/0x18\n[ 360.447481] release_nodes+0x8c/0x1a0\n[ 360.451194] devres_release_all+0x90/0x100\n[ 360.455346] device_unbind_cleanup+0x14/0x60\n[ 360.459677] device_release_driver_internal+0xe8/0x168\n[ 360.464883] driver_detach+0x4c/0x90\n[ 360.468509] bus_remove_driver+0x54/0xb0\n[ 360.472485] driver_unregister+0x2c/0x58\n[ 360.476462] platform_driver_unregister+0x10/0x18\n[ 360.481230] gpio_keys_exit+0x14/0x828 [gpio_keys]\n[ 360.486088] __arm64_sys_delete_module+0x1e0/0x270\n[ 360.490945] invoke_syscall+0x40/0xf8\n[ 360.494661] el0_svc_common.constprop.3+0xf0/0x110\n[ 360.499515] do_el0_svc+0x20/0x78\n[ 360.502877] el0_svc+0x48/0xf8\n[ 360.505977] el0t_64_sync_handler+0x88/0xb0\n[ 360.510216] el0t_64_sync+0x148/0x14c\n[ 360.513930] irq event stamp: 4306\n[ 360.517288] hardirqs last enabled at (4305): [<ffff8000080b0300>] __cancel_work_timer+0x130/0x1b0\n[ 360.526359] hardirqs last disabled at (4306): [<ffff800008d194fc>] el1_dbg+0x24/0x88\n[ 360.534204] softirqs last enabled at (4278): [<ffff8000080104a0>] _stext+0x4a0/0x5e0\n[ 360.542133] softirqs last disabled at (4267): [<ffff8000080932ac>] irq_exit_rcu+0x18c/0x1b0\n[ 360.550591] ---[ end trace 0000000000000000 ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: gpio-keys - cancela el trabajo retrasado solo en caso de GPIO El m\u00f3dulo gpio_keys puede aceptar GPIO o interrupciones. El m\u00f3dulo inicializa el trabajo retrasado solo en caso de GPIO y solo se usa si no se usa el temporizador antirrebote, as\u00ed que aseg\u00farese de que cancel_delayed_work_sync() se llame solo cuando est\u00e9 respaldado por GPIO y debounce_use_hrtimer sea falso. Esto corrige el problema que se observa a continuaci\u00f3n cuando se descarga el m\u00f3dulo gpio_keys y se usa un pin de interrupci\u00f3n en lugar de GPIO: [ 360.297569] ------------[ cortar aqu\u00ed ]------------ [ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470 [ 360.310531] Modules linked in: gpio_keys(-) [ 360.314797] CPU: 0 PID: 237 Comm: rmmod Not tainted 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166 [ 360.324662] Hardware name: Renesas SMARC EVK based on r9a07g054l2 (DT) [ 360.331270] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 360.338318] pc : __flush_work+0x414/0x470 [ 360.342385] lr : __cancel_work_timer+0x140/0x1b0 [ 360.347065] sp : ffff80000a7fba00 [ 360.350423] x29: ffff80000a7fba00 x28: ffff000012b9c5c0 x27: 0000000000000000 [ 360.357664] x26: ffff80000a7fbb80 x25: ffff80000954d0a8 x24: 0000000000000001 [ 360.364904] x23: ffff800009757000 x22: 0000000000000000 x21: ffff80000919b000 [ 360.372143] x20: ffff00000f5974e0 x19: ffff00000f5974e0 x18: ffff8000097fcf48 [ 360.379382] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000053f40 [ 360.386622] x14: ffff800009850e88 x13: 0000000000000002 x12: 000000000000a60c [ 360.393861] x11: 000000000000a610 x10: 0000000000000000 x9 : 0000000000000008 [ 360.401100] x8 : 0101010101010101 x7 : 00000000a473c394 x6 : 0080808080808080 [ 360.408339] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80000919b458 [ 360.415578] x2 : ffff8000097577f0 x1 : 0000000000000001 x0 : 0000000000000000 [ 360.422818] Call trace: [ 360.425299] __flush_work+0x414/0x470 [ 360.429012] __cancel_work_timer+0x140/0x1b0 [ 360.433340] cancel_delayed_work_sync+0x10/0x18 [ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys] [ 360.443327] devm_action_release+0x10/0x18 [ 360.447481] release_nodes+0x8c/0x1a0 [ 360.451194] devres_release_all+0x90/0x100 [ 360.455346] device_unbind_cleanup+0x14/0x60 [ 360.459677] device_release_driver_internal+0xe8/0x168 [ 360.464883] driver_detach+0x4c/0x90 [ 360.468509] bus_remove_driver+0x54/0xb0 [ 360.472485] driver_unregister+0x2c/0x58 [ 360.476462] platform_driver_unregister+0x10/0x18 [ 360.481230] gpio_keys_exit+0x14/0x828 [gpio_keys] [ 360.486088] __arm64_sys_delete_module+0x1e0/0x270 [ 360.490945] invoke_syscall+0x40/0xf8 [ 360.494661] el0_svc_common.constprop.3+0xf0/0x110 [ 360.499515] do_el0_svc+0x20/0x78 [ 360.502877] el0_svc+0x48/0xf8 [ 360.505977] el0t_64_sync_handler+0x88/0xb0 [ 360.510216] el0t_64_sync+0x148/0x14c [ 360.513930] irq event stamp: 4306 [ 360.517288] hardirqs last enabled at (4305): [] __cancel_work_timer+0x130/0x1b0 [ 360.526359] hardirqs last disabled at (4306): [] el1_dbg+0x24/0x88 [ 360.534204] softirqs last enabled at (4278): [] _stext+0x4a0/0x5e0 [ 360.542133] softirqs last disabled at (4267): [] irq_exit_rcu+0x18c/0x1b0 [ 360.550591] ---[ end trace 0000000000000000 ]--- "}], "lastModified": "2025-10-22T17:27:21.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40E62665-0BA6-440F-83E8-6F8EC2D3C9DF", "versionEndExcluding": "5.15.46"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}